(solved) Need help to remove virus/trojan


My computer has Norton Internet Security (NIS) installed, and I run Norton AntiVirus (NAV) once every 24 hours. All updates are installed automatically. I also have Norton's Anti Spy, SpySweeper, PestPatrol, Ad-Aware, SpyBot and SpyCatcher. None of these are detecting the problem. I've also run HouseCall from TrendMicro with no luck. I've also run Norton's online virus check. I've run NAV both in Windows and in Safe Mode. I've used McAfee's online virus scanner via PCPitstop as well as the PCPitstop virus scanner. Nothing detected.

How do I know I have a problem?

1) Can't send or receive e-mail using Outlook 2003, it will attempt, but times out.

2) Surfing is very slow (using a 3000kb/384kb DSL SBC service).

3) Most IMPORTANT is that whenever I try to start Iomatic's RegistryMedic 3.0 I get an error message: ERROR: Loader couldn't initialize service. When I click OK, a Norton AntiVirus window pops up saying HIGH RISK: VIRUS and lists Hacktool.Rootkit. Clicking on Info, another window pops up with the following string: C:\WINDOWS\system32\SVKP.SYS. RegistryMedic was purchased and downloaded from Iomatic. I've been using it for over a year on my old PC and on this one for about 2 months with NO problem.

NAV will quarantine or delete (depending on what I request it to do), and all looks fine. I'm told to reboot to finish the process. When rebooted I try starting RegistryMedic again, and again I get the same message from NAV. I go through the same routine, and the results are always the same. I've done everything Norton's web page about Hacktool.Rootkit suggested. No luck.

I've also tried to search for the SVKP.SYS file but can't find it. And yes, I'm set to be able to see all system files. I've also tried to delete the file by using KillBox, but it didn't work either.

Please help, anyone!!! (I'm not familiar with using HJT. Would it help to run it? If so, where can I download it from, and how is it used?)

What else can I do, short of either throwing my PC out the window (it's only 2 months old, DELL DIM 9100) or reformatting and starting all over? I'd hate to do either of these.


Thanks. I guess I should breathe a sigh of relief since Norton is only posting a false positive. However, I'm left with more questions still, but first, about E:drive. E:drive is a partition on my 500 GB hard drive. I've partitioned my HD (using PartitionMagic 8.0) into C, D, E, F and G. I use C:drive only for the OS (WIN XP Pro) and all my programs. D:drive is for "My Documents", my QuickBooks data files and Quicken tax files. On E:drive I have a folder where I store ALL downloaded software before I install it to my C:drive. I also store software documentation, training files etc. there. F:drive is not used right now, while G:drive has all my music and video files.

In addition, I have two external USB drives (Lacie) for backup.

MY QUESTIONS:

Q1) If I don't have a virus, trojan or rootkit, why won't RegistryMedic open?

Q2) Why has my Outlook 2003 come to an almost complete stop (when I open it, everything looks fine, then it automatically starts sending and downloading e-mail, and stops after about 5-8% of the checking is done)?

Q3) Norton WinDoctor has for the last 3-4 weeks told me that there are missing or invalid keys, the same 4 every time:

Q4) As some of the references question, if I've had RegistryMedic on this and other machines (for 1-2 yrs), and NAV, why this sudden False Positive (FP)?

Q5) Since I've deleted/quarantined the SVKP.SYS file several times, it's probably not there anymore. I have re-installed RegistryMedic (after cleaning traces of RegistryMedic and Iomatic using Find/Find Next in RegEdit), but as soon as I try to run RegistryMedic I get the NAV alert and the cycle starts all over. How do I restore RegistryMedic?


Q1) If I don't have a virus, trojan or rootkit, why won't RegistryMedic open?

The answer is simple: it is protected by this svkp.sys. The software won't run if it is not present. You see, if the driver is not there, SVKP will assume that it's being reverse engineered and thus refuses to run.

The key to most of these problems is getting NAV to stop detecting this stupid false positive.

I can understand why this file was added. It (svkp) has been used in some nasties to protect the worm or trojan. But it is still not a malicious file.

Contrary to popular belief, I don't think Norton AV is a bad antivirus, but perhaps it would be best to replace it with something else until they get this false positive fixed.

I will get with the Iomatic people and find out how to solve the issue with RegistryMedic. Just wondering, if I re-install from a fresh download, would that help? Can I install the legit program for SVKP and solve the issue that way? Would that help with NAV?

PS: I will be off-line probably for four days (hopefully less) starting tomorrow morning (Monday) due to my ISP (SBC) doing work and changing my DSL incoming wiring. If you don't "see" me here, you know why, and I'll be back hopefully no later than Thursday. However, I'll be looking for your replies via my notebook (dial-up capable). My desktop does not have a modem. I'll check before bed tonight.